Karl Fogel's GPG public key:

(For the purposes of this page, I will treat PGP and GnuPG as essentially synonymous — they both
implement the OpenPGP standard.)

I don't trust my ability to use GnuPG. It's not that I think the
algorithms or code are weak, but that GnuPG is as vulnerable as
anything else to protocol attacks and the usual system security holes.
Guarding against these weaknesses would require constant vigilance,
and I'm not up to the task. Therefore, if it's important that your
message to me be truly secret, please contact me before you send it,
and we'll work something out (perhaps involving a One-Time Pad). If we
were to rely on GnuPG alone, we would probably be secure only from
passive or unsophisticated attackers. If you insist on encrypting
your message with GnuPG, consider verifying my public key using the instant answer protocol before sending the message to me.